From 5cdce74a9ac94e3a4b5e369b22ab6fcf9bbbb384 Mon Sep 17 00:00:00 2001
From: abobrov <abobrov@localhost>
Date: Mon, 18 May 2009 23:17:06 +0000
Subject: [PATCH] - patch [Issue 3984] & [Issue 3989] : Security issues with Assertion, Pre-Read, Post-Read Controls.

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
index b80adaf..b80325c 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
@@ -361,8 +361,6 @@
 
           try
           {
-            // FIXME -- We need to determine whether the current user has
-            //          permission to make this determination.
             SearchFilter assertionFilter = assertControl.getSearchFilter();
             Entry entry;
             try
@@ -387,6 +385,16 @@
                              ERR_SEARCH_NO_SUCH_ENTRY_FOR_ASSERTION.get());
             }
 
+            // Check if the current user has permission to make
+            // this determination.
+            if (!AccessControlConfigManager.getInstance().
+              getAccessControlHandler().isAllowed(this, entry, assertionFilter))
+            {
+              throw new DirectoryException(
+                ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
+            }
+
             if (! assertionFilter.matchesEntry(entry))
             {
               throw new DirectoryException(ResultCode.ASSERTION_FAILED,

--
Gitblit v1.10.0